Finish coverage for sign_metadata() and generate_targets_metadata()
parent
abbda071a1
commit
6797db9d25
3 changed files with 30 additions and 30 deletions
|
|
@ -519,6 +519,12 @@ def test_generate_targets_metadata(self):
|
|||
self.assertTrue(len(list_targets_directory) + 1,
|
||||
len(new_list_targets_directory))
|
||||
|
||||
# Verify that an exception is not raised if the target files already exist.
|
||||
repo_lib.generate_targets_metadata(targets_directory, target_files,
|
||||
version, expiration_date, delegations,
|
||||
write_consistent_targets=True)
|
||||
|
||||
|
||||
# Verify that 'targets_metadata' contains a 'custom' entry (optional)
|
||||
# for 'file.txt'.
|
||||
self.assertTrue('custom' in targets_metadata['targets']['file.txt'])
|
||||
|
|
@ -658,20 +664,22 @@ def test_sign_metadata(self):
|
|||
'keystore')
|
||||
root_filename = os.path.join(metadata_path, 'root.json')
|
||||
root_metadata = tuf.util.load_json_file(root_filename)['signed']
|
||||
targets_filename = os.path.join(metadata_path, 'targets.json')
|
||||
targets_metadata = tuf.util.load_json_file(targets_filename)['signed']
|
||||
|
||||
tuf.keydb.create_keydb_from_root_metadata(root_metadata)
|
||||
tuf.roledb.create_roledb_from_root_metadata(root_metadata)
|
||||
root_keyids = tuf.roledb.get_role_keyids('root')
|
||||
targets_keyids = tuf.roledb.get_role_keyids('targets')
|
||||
|
||||
root_private_keypath = os.path.join(keystore_path, 'root_key')
|
||||
root_private_key = \
|
||||
repo_lib.import_rsa_privatekey_from_file(root_private_keypath, 'password')
|
||||
|
||||
# Sign with a valid, but not a threshold, key.
|
||||
targets_private_keypath = os.path.join(keystore_path, 'targets_key')
|
||||
targets_private_key = \
|
||||
repo_lib.import_ed25519_privatekey_from_file(targets_private_keypath,
|
||||
'password')
|
||||
targets_public_keypath = os.path.join(keystore_path, 'targets_key.pub')
|
||||
targets_public_key = \
|
||||
repo_lib.import_ed25519_publickey_from_file(targets_public_keypath)
|
||||
|
||||
# sign_metadata() expects the private key 'root_metadata' to be in
|
||||
# 'tuf.keydb'. Remove any public keys that may be loaded before
|
||||
|
|
@ -679,19 +687,18 @@ def test_sign_metadata(self):
|
|||
# raised.
|
||||
tuf.keydb.remove_key(root_private_key['keyid'])
|
||||
tuf.keydb.add_key(root_private_key)
|
||||
tuf.keydb.remove_key(targets_private_key['keyid'])
|
||||
tuf.keydb.add_key(targets_private_key)
|
||||
tuf.keydb.remove_key(targets_public_key['keyid'])
|
||||
tuf.keydb.add_key(targets_public_key)
|
||||
|
||||
root_keyids.extend(tuf.roledb.get_role_keyids('targets'))
|
||||
|
||||
# Add the snapshot's public key (to test whether non-root keys are
|
||||
# ignored by sign_metadata()). Also add an invalid keyid to 'root_keyids',
|
||||
# which sign_metadata() is expected to ignore.
|
||||
root_keyids.extend(tuf.roledb.get_role_keyids('snapshot'))
|
||||
# Verify that a valid root signable is generated.
|
||||
root_signable = repo_lib.sign_metadata(root_metadata, root_keyids,
|
||||
root_filename)
|
||||
self.assertTrue(tuf.formats.SIGNABLE_SCHEMA.matches(root_signable))
|
||||
|
||||
# Test for an unset private key (in this case, target's).
|
||||
repo_lib.sign_metadata(targets_metadata, targets_keyids,
|
||||
targets_filename)
|
||||
|
||||
# Add an invalid keytype to one of the root keys.
|
||||
root_keyid = root_keyids[0]
|
||||
tuf.keydb._keydb_dict['default'][root_keyid]['keytype'] = 'bad_keytype'
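Review bot: The call under "Test for an unset private key" in test_sign_metadata discards what sign_metadata() returns, so the test passes whatever is done with a public-only key, as long as no exception is raised. Capture the result and pin it, e.g. `targets_signable = repo_lib.sign_metadata(targets_metadata, targets_keyids, targets_filename)` followed by `self.assertEqual([], targets_signable['signatures'])`. That assumes a key without a private part is meant to produce no signature; the handling sits outside the visible hunks, so confirm it first. The repeated generate_targets_metadata() call with `write_consistent_targets=True` in test_generate_targets_metadata has the same gap: it checks only that nothing is raised, and could also assert that the second result matches the first.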
|
||||
|
|
|
|||
|
|
@ -986,7 +986,8 @@ def make_signable(object):
|
|||
"""
|
||||
|
||||
if not isinstance(object, dict) or 'signed' not in object:
|
||||
return { 'signed' : object, 'signatures' : [] }
|
||||
return {'signed': object, 'signatures': []}
|
||||
|
||||
else:
|
||||
return object
|
||||
|
||||
|
|
|
|||
|
|
@ -1553,9 +1553,9 @@ def generate_targets_metadata(targets_directory, target_files, version,
|
|||
# Ensure all target files listed in 'target_files' exist. If just one of
|
||||
# these files does not exist, raise an exception.
|
||||
if not os.path.exists(target_path):
|
||||
message = repr(target_path) + ' cannot be read. Unable to generate ' +\
|
||||
'targets metadata.'
|
||||
raise tuf.Error(message)
|
||||
raise tuf.Error(repr(target_path) + ' cannot be read.'
|
||||
' Unable to generate targets metadata.')
|
||||
|
||||
|
||||
# Add 'custom' if it has been provided. Custom data about the target is
|
||||
# optional and will only be included in metadata (i.e., a 'custom' field in
|
||||
|
|
@ -1577,7 +1577,10 @@ def generate_targets_metadata(targets_directory, target_files, version,
|
|||
if not os.path.exists(digest_target):
|
||||
logger.warning('Hard linking target file to ' + repr(digest_target))
|
||||
os.link(target_path, digest_target)
|
||||
|
||||
|
||||
else:
|
||||
logger.debug(repr(digest_target) + ' already exists.')
|
||||
|
||||
# Generate the targets metadata object.
|
||||
targets_metadata = tuf.formats.TargetsFile.make_metadata(version,
|
||||
expiration_date,
|
||||
|
|
@ -1811,23 +1814,12 @@ def sign_metadata(metadata_object, keyids, filename):
|
|||
# keyid of 'keyids'.
|
||||
signable = tuf.formats.make_signable(metadata_object)
|
||||
|
||||
# Sign the metadata with each keyid in 'keyids'.
|
||||
# Sign the metadata with each keyid in 'keyids'. 'signable' should have
|
||||
# zero signatures (metadata_object contained none).
|
||||
for keyid in keyids:
|
||||
|
||||
# Load the signing key.
|
||||
key = tuf.keydb.get_key(keyid)
|
||||
# TODO logger.info('Signing ' + repr(filename) + ' with ' + key['keyid'])
|
||||
|
||||
# Create a new signature list. If 'keyid' is encountered, do not add it
|
||||
# to the new list.
|
||||
signatures = []
|
||||
for signature in signable['signatures']:
|
||||
if not keyid == signature['keyid']:
|
||||
signatures.append(signature)
|
||||
|
||||
else:
|
||||
continue
|
||||
signable['signatures'] = signatures
|
||||
|
||||
# Generate the signature using the appropriate signing method.
|
||||
if key['keytype'] in SUPPORTED_KEY_TYPES:
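Review bot: The reworded comment in sign_metadata() says 'signable' should have zero signatures, but nothing visible enforces that, and the loop that dropped an existing signature for the same keyid appears to be removed here. make_signable(), touched in this same commit, returns its argument unchanged when it is already a dict with a 'signed' key, so a caller that passes an existing signable would keep its old signatures and get new ones appended, including a second entry for the same keyid. Either make the assumption explicit before the loop with `if signable['signatures']: raise tuf.Error('metadata_object already contains signatures.')`, or reset the list with `signable['signatures'] = []`. Repeated keyid entries matter to any verifier that counts signatures rather than distinct keyids toward a role threshold. The body of sign_metadata() continues beyond this hunk, so the signing branch itself is not reviewed here.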
|
||||
|
|
|
|||